repo-ingest

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill clones source code from external repositories to the local environment for analysis.
  • Evidence: The command git clone --depth 1 {url} /tmp/repo-ingest/{name} is used to fetch external content in SKILL.md.
  • [COMMAND_EXECUTION]: The skill uses shell commands to manage repositories and files, which could be misused if command arguments are improperly handled.
  • Evidence: Use of git clone, git log, cat, git checkout, and git branch across the mandatory steps in SKILL.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from external repositories that could contain malicious instructions.
  • Ingestion points: External repositories are cloned and their documentation, README files, and source code are read by the agent as described in Step 2 of SKILL.md.
  • Boundary markers: Absent. No specific delimiters or safety instructions are provided to distinguish between the skill's own logic and the data read from external sources.
  • Capability inventory: The agent has access to tools for network cloning (git clone), file reading (cat), and writing changes back to the local repository (git branch, git checkout).
  • Sanitization: Absent. There is no evidence of filtering or sanitizing the content read from external repositories before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 11:41 PM
Security Audit — agent-trust-hub — repo-ingest